I have a utility which runs at certain intervals. My customer now wishes for it to send an email when the task is completed.
They want to be able to control the email address, meaning, they want to ...

I'm finding it difficult to understand reverse lookup tables and how they work, and the concept of hash chains. This is a part of a computer security model I am taking.
So I understand that brute force, ...

I want to hash "user + password".
[EDIT: prehashing "user" would be an improvement, so my question is also for hashing "hash(user) + password". If cross-site same user is a problem then the hashing ...

Using Reverse Lookup Tables, you create a lookup table consisting of the password hash of user accounts. Then you use another table which consists of hashes with guessed passwords. Then you compare ...

We have half-implemented proper key management at our dev shop. We have a SOAP web service (the key management web service) that can be used to retrieve passwords for other systems. So for instance, I ...

So I'm working on my first password reset mechanism. I'm going with what I understand to be a fairly common procedure:
User clicks "Forgot Password"
User is prompted for email address
If the entered ...

Many a time I need to log into a website that I used months ago and have forgotten my password. So clicking the reset password link and the site sends me an email with a single use link which allows ...

I have a web service. Right now, I have passwords stored in plain text in a MySQL table on my server. I know this isn't the best practice, and that is why I am working on it.
Why should passwords be ...

As I understand, in most security breaches where the list of hashed passwords is compromised, attackers do use brute-force to try to find weak passwords and, invariably, they always find quite some (like ...

I'm building a web application that connects to other web services (using strictly anonymous binding, so no user passwords are being used). However the web application maintains its own users itself, ...

I'm currently managing and re-factoring a piece of software that has been used at my company for over a decade now. One of the elements of this application is a sort of admin or power-user mode which ...

I want to save some user-generated data with some signature of the user that generated it (let's say that the user has to fill some forms with some data and I want him to sign the written data).
The ...

What exactly does "Security through obscurity" mean in the context of storing unencrypted passwords?
I'm using a small program (I won't name it, to not enlarge enough large shame on its author) that ...

Ever since I heard about programming, I was told that any password (especially the one used on login) should be stored in database using any kind of one-way hashing algorithm, and never ever as plain ...

How do current web browsers (or mobile mail clients and any software in general) save user passwords? All answers about storing passwords say we should store only hashes, not the passwords themselves. ...